Due to their very nature, custom Android ROMs have root enabled by default. Up until relatively recently, installing custom Android ROMs was a thing geeks did, and as such, this wasn't much of a problem. However, over the past few days, I've found out just how easy installing custom ROMs and modifying them really is (I'm running this one until CyanogenMod 9 is ready for the SII), and it seems like more and more regular users are engaging in the practice as well. Suddenly, having root enabled becomes a security liability.

At some point early in Jailbroken iPhone history (or it is still the case), you could try "ssh root@ip password: alpine" using a custom nmap script and virally take control of all iPhones in the universe. At that time, most were jailbroken (iPhone 1 and 3G).